-expire flag for ad_set_signed_cookie (and therefore ad_set_cookie) was not specified by ad_user_login and set false per-default. This prevented parameters to set cookie expiration to have an effect, even when -max_age was correctly specified.